Kaspersky Lab Anti-Virus 2011, DE/FR/IT KL1137XBAFS-SUI 사용자 설명서
제품 코드
KL1137XBAFS-SUI
U
S E R
G
U I D E
110
I
N THIS SECTION
:
Enabling and disabling System Watcher .......................................................................................................................
Using patterns of dangerous activity (BSS) ...................................................................................................................
Rolling back a malicious program's actions ...................................................................................................................
E
NABLING AND DISABLING
S
YSTEM
W
ATCHER
By default, System Watcher is enabled, running in a mode that depends on the current mode of Kaspersky Anti-Virus
–
automatic or interactive.
You are advised to avoid disabling the component, except for emergency cases, since this inevitably impacts efficiency
of Proactive Defense and other protection components operation that may request the data collected by Activity monitor
in order to identify the potential threat detected.
of Proactive Defense and other protection components operation that may request the data collected by Activity monitor
in order to identify the potential threat detected.
To disable System Watcher:
1. Open the application settings window.
2. In the left part of the window, in the Protection Center section, select the System Watcher component.
3. In the right part of the window, uncheck the Enable System Watcher box.
U
SING PATTERNS OF DANGEROUS ACTIVITY
(BSS)
Patterns of dangerous activity (BSS
– Behavior Stream Signatures) contain sequences of actions typical of applications
classified as dangerous. If an application's activity matches a pattern of dangerous activity, Kaspersky Anti-Virus
performs the specified action.
performs the specified action.
When Kaspersky Anti-Virus is updated, patterns of activity used by System Watcher are supplied with new ones on-the-
fly for up-to-date and reliable protection.
fly for up-to-date and reliable protection.
By default, when Kaspersky Anti-Virus runs in automatic mode, if an application's activity matches a pattern of dangerous
activity, System Watcher moves this application to Quarantine. When running in interactive mode (see page
activity, System Watcher moves this application to Quarantine. When running in interactive mode (see page
), System
Watcher prompts the user for action. You can specify the action that the component should perform when an
application's activity matches a pattern of dangerous activity.
application's activity matches a pattern of dangerous activity.
In addition to exact matching between applications' activities and patterns of dangerous activity, System Watcher also
detects actions that partly match patterns of dangerous activity, being considered suspicious based on the heuristic
analysis. If suspicious activity is detected, System Watcher prompts the user for action regardless of the operation mode.
detects actions that partly match patterns of dangerous activity, being considered suspicious based on the heuristic
analysis. If suspicious activity is detected, System Watcher prompts the user for action regardless of the operation mode.
To select the action that the component should perform if an application's activity matches a pattern of dangerous
activity:
activity:
1. Open the application settings window.
2. In the left part of the window, in the Protection Center section, select the System Watcher component.
3. In the right part of the window, in the Heuristic analysis section, check the Use updatable patterns of
dangerous activity (BSS) box.
4. Click Select action and then specify the required action on the dropdown list.